To put it more simply: customers need to be able to respond to network file threats in an adequate manner - including rapidly deploying detection rules for Office 2003/2010 static rules. [as in extracted XML content from 2010 too]

Yara was updated recently in the Malware engine and you are able to apply custom Yara signatures in the engine

There are RSA Malware rules from live (3sets) but they haven't been updated in a while.

There is a set of parsers and application rules that define what is sent to the malware engine for analysis, not the cleanest picture but this is all the interactions I could find for filtering and routing data to the malware service.

^perhaps RSA can confirm how to use o2003/2007 rules with it (aside from the extra meta section bits) and Investigation: Implement Custom YARA Content (fix the images) - or better yet start actively pushing content for Malware server via live for similar scenarios

sadly it's not clear from YARA doc regarding trying to write a rule on either (let's use word as an example) :

a) WordDocument stream for 2003, or

b) document.xml inside a docx in the 2007+?

as I've mentioned in the other thread - it's also not at all clear what happens with docs (presumably ole lib for 2003 and zip + yara rule backed for both?)

I know it isn't programatically attached to MA for file analysis... wish it was but you may have better luck on a file by file basis trying out that analysis tool from the RSA Labs Team and seeing if it gets you better visibility into DDE